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DigiTask - Who we are and what we do 




- Special Telecommunication Systems for Law Enforcement 
Agencies (LEA) 

- Development of special solutions for the needs of LI 

- Located in the middle of Germany 



- DigiTask has overall experience 
of many years in LI systems 

- DigiTask is market leader 
for LI in Germany 

- DigiTask is privately owned 
and independent 
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DigiTask — Main Products 


Digilask 





- Complete LI systems 

• Database supported analysis for 

- telephony 

- real time IP decoding and visualization 

• Integrating multimedia player 

• Supporting ETSI standards 

• Mediation Devices 

• 24/7 support 

• Onsite training 

- WiFi-Catcher 

- Remote Forensic Software 
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1. What intelligence may be lost with today's LI systems? 

2. What is Remote Forensic Software? 

3. What is provided by the DigiTask solution? 
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1. What intelligence is lost? 




Oigilask 



1. What intelligence may be lost with today's LI systems? 



Information that 

• can be gathered but not decoded 

• might be decoded but cannot be gathered 

• is not available even after seizure of equipment 
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1. What intelligence is lost? 
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Instant Messaging Clients 
• encrypted by default: 

- Wikipedia overview of IM lists 55 
clients, 34 with out of the box 
encryption 

- Skype 



* Skype- (BET*) =_ 



Skype Contacts Conversation Call View Tools Help 

Test Account Personalize - 

Add video or write a message here tor 
your friends to see. 

^ Festnetz- und Mobiltelefone anrufen 



Contacts Conversations 



Search Contacts, Groups and Conversation Topics 



^ Skype Test Call 



® Call phones 
Cl Directory 
B Shop 

B 



B0® 



' Give feedback 



Skype Test Call 


♦ Add people 






* & 




Show avatar j 
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Test message 


A 


Skype Test Call 


10:13:11 


" mb _2008 .09 .02 09: 1 3: 09 T est message 




Test Account 


10:14:18 


2nd test message 




Skype Test Call 


10:14:19 


~ — - . 2008 .09 .02 09:14:18 2nd test message 
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. SMS . Send file More - 
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W32, 




Bitwise IM 


GTK2, 


Yes 7 




Carbon 
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ncurses 


Partial 9 


climin 
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Yes 5 ' 11 
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No 
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Source: Wikipedia 
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Remote Forensic Software 



1. What intelligence is lost? 




- External tools for encryption: 

• e.g. SimpLite/SimpPro targets 

- Windows Live Messenger 

- ICQ/ AIM 

- Yahoo 
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- WWW: sensitive data uses HTTPS 



• Online banking 

• E commerce 

• Booking systems 

• Webmail 

• Chat 



https ://www 1 . secure . hsbcnet . com/uims/portal/IDV_CAM 1 0_AUTHENTICATION?initialAccess=tr •«! T [GW 



HSBCnct 









3 https://www. amazon. com/gp/sign-in.html?ie=UTF8&email=&disableCorpSignUp=8 
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amazon.com Hello. Sign in to get personalized recommendations . New customer? Start here . 




About 

Reporti 
what mi 

CustOfT 

Encounti 



HSBCn 



Where' 

♦ Track 

♦ View 
Accoti 



nriaVs Deals Ivl 



ists FT) Gift Cards fvl 



Get FREE Two-Day Shipping Now 0 



Your Account I Help 



«* Y https : //signin . ebay . com/ws/eBaylSAPI . dll?SignIn&ru=http%3A%2F%2Fww w . eb< 



o- 



Welcc 



Ready t< 

Join the mi 
room for on 

Register 

• Bid, bu 

• Shop w 

• Connec 

Registei 



Observable data 

• Remote IP 

• Time and amount of traffic 



https: //secure, hilton.com/en/hi/login/login_protection.jht ml; jsessionid==OXY3AK4CGJHMCSGBJC222 w \r jlGFi 

Hilton, 

Travel sho 



Si 



Tlii'Hilli.nl ; iimili 



• _/ * - ^ 8 https://www. google. com/accounts/Login?continue=http://www. google. com/&hl=i • • 
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Google Accounts 



Sign in 

Google 
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Hofnepiac > login Page 



5V 1 



Login Page 



order to complete your action, please log in: 



ICQ Number or Email :ox>xi00i 

ICQ Pauword | 

r Remember me Q 



E£s3 



Important! The ICQ statt will NEVER ast -ou tor » our password, so don't tell it to anyone 
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Remote Forensic Software 



1. What intelligence is lost? 




- E-Mail 

• POP/SMTP use 

- Local encryption 
PGP, GnuPG 



TSL7SSL 

with 



Account Settings 



Server Settings 



Copies & Folders 
Composition & Addressing 
Offline & Disk Space 
r Junk Settings 
Return Receipts 
Security 
:! Local Folders 



Disk Space 
Junk Settings 
Outgoing Server (SMTP) 



Xj 



Server Settings 



Server Type: 
Server Name: 



IMAP Mail Server 



Default: 143 



X 



Security Settings 
Use secure connection: 

C Never C US, if available <• TLS G SSL 
I - Use secure authentication 



Server Settings 

Check for new messages at startup 
W Check for new messages every jlO minutes 
When I delete a message: j Move it to the Trash folder 
l~~ Clean up ("Expunge*) Inbox on Exit 
V Empty Trash on Exit 



Advanced... 



Local directory: 




I , 









Add Account. . 



Remove Account 

OK ~| Cancel | 
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Remote Forensic Software 



1. What intelligence is lost? 




- VPN connections 

• between endpoints 

• commercial anonymising VPN 
e.g. 

- Relakks 

(Sweden, € 5/month) 

- Swissvpn 

(Switzerland, US$ 5/month) 

- Tor/JAP 

• encrypted traffic 

• changing endpoints 
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Remote Forensic Software 



3U What intelligence is lost? 

- Nomadic targets 

• travellers 

• suspects seeking open WLANs 




- Tapping internet connections of targets useless 



- Disk encryption software 

• Seizure of equipment 
useless if password is 
unknown 
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Remote Forensic Software 



1. What intelligence is lost? 




- Availability 



• Most of this software is 

- easily available 

» computer magazines 
» internet 

- free of cost 

- easy to use 

- Answer to question: 

• Everything may be lost 
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With a few hours effort, today's LI systems can be turned 
blind and deaf. 
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Remote Forensic Software 



2. What is Remote Forensic Software? 




- Stealth software installed on computer of target to 

• overcome encryption 

• handle nomadic targets 

• monitor activity 




for 

• criminal investigations 

• intelligence gathering 
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Remote Forensic Software 



3. What is provided by the DigiTask solution? 




3.1. Additional intelligence 

- Audio data, e.g. from messengers 

- Screenshots 

- Keylogs 

- File search 

- Registry settings 

- Remote shell 

- ... (more in track 5) 








■ 


£ 
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Remote Forensic Software 



3. What is provided by the DigiTask solution? 

- SSL decryption 

• Keys intercepted in application 

• Keys and encrypted traffic tapped 

• Decoding possible 

• Requires DigiTask LI system 
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Remote Forensic Software 



3. What is provided by the DigiTask solution? 

3.2. Data Analysis 

- Standalone system 

• Immediately deployable 

• Backward channel to target 




- Optional seamless integration in DigiTask LI system 

• No new user interface for operators 

• Correlation of RFS data with conventional LI 

• Interactions with target become impossible 

- Core area of private life 
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Remote Forensic Software 



3. What is provided by the DigiTask solution? 

3.3. Security 

- Protection of data stream 

• Data is AES encrypted 

• Proxies between target and recording server 

• Connection cannot be traced 

- Authenticity of data 

• File transfers are signed 

• Safeguards against manipulations 

• Important for criminal investigation 
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Remote Forensic Software 



3. What is provided by the DigiTask solution? 



3.4. Customization 




- Software may be built according to court order 

- "Forbidden" features 

• removed from software 

• cannot be activated 

- After installation: 

• online update possible 

- Source code of customization 

• archived 

• verifiable by expert witness 
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Conclusion 


uigilask 





- Encryption for every kind of 
communication easily available 

- Circumvention by means of 
Remote Forensic Software 

- Standalone operation 

- Integration in LI system 

- Authenticity of data for criminal 
investigations 
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Remote Forensic Software 



Further information DigiJask 

Presentation in track 2 today: 

13:30 DigiTask LI system 

Life demonstration in track 5 today: 

14:30 DigiTask LI system 
16:00 Remote Forensic Software 

Visit our booth in main exhibition hall 
Arrange presentation at your location 

Thank you. 
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